2022-10-27 TATF Meeting Notes

Owned by Drummond Reed
Last updated: Nov 02, 2022
8 min read

Meeting Date & Time

  •   This Task Force holds TWO meetings weekly every Thursday at the following times (to cover global time zones - see the Calendar of ToIP Meetings):
    • NA/EU 07:00-8:00 PT / 14:00-15:00 UTC 
    • APAC 18:00-19:00 PT / 01:00-02:00 UTC

Zoom Meeting Recordings

Attendees

NA/EU Meeting

APAC Meeting

Main Goal of this Meeting

To close PRs and issues on the ToIP Technology Architecture Specification so we can be ready to release the First Public Review Draft on Nov 15 for Internet Identity Workshop.

Agenda Items and Notes (including all relevant links)

TimeAgenda ItemLeadNotes
3 min
  • Start recording
  • Welcome & antitrust notice
  • Introduction of new members
  • Agenda review
Chairs
  • Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
  • New Members: 
    • Ken Woodruff, Real Items, is visiting to see if this meeting is relevant.
5 minAnnouncementsAllSkipped due to time constraints.
2 minReview of previous action itemsChairs
  • ACTION: If you have any feedback on issues #40#46 & #49 — roles, pull requests (PRs) and the version publication process — please go in and comment. If you have any questions, ask them in the #tswg-tech-arch-tf Slack channel.
  • ACTION: ALL TATF members need to read the EasyCLA process document and decide on the CLA manager assignment for your organization in order to continue to make contributions to the TAS. You can also set it up to provide wildcard support for all representatives of your org (based on your email domain). See Elisa Trevino for access/help.
  • ACTION: Darrell O'Donnell to propose another variant of Figure 4 as a candidate for the "full stack" diagram discussed in issue #31. DONE.
  • ACTION: thomsona to propose a simpler diagram to replace the current Figure 4 in section 6.2 as discussed in issue #31.
  • ACTION: Jo Spencer to noodle on some diagrams that more clearly define the borders of the "sphere of influence" of the ToIP stack.
  • ACTION: Drummond Reed to begin a draft of a blog post announcing release of the Public Review Draft of the TAS.

ToIP Technology Architecture Specification Review Topics

Discussion of progress on the working draft of the ToIP Technology Architecture Specification (TAS). Links to relevant documents and diagrams:

5 minEasyCLA Process
Drummond Reed 

It's easy! Read the EasyCLA Guide and follow it.

Drummond explained how easy it was for him to activate for Avast/Norton. He encouraged all TATF members to activate EasyCLA ASAP.

5 minIssue #44 and PR #50 — License File
Antti Kettunen 

Antti's PR is stuck on a DCO problem. 

Antti said the PR is now #52. The DCO issue is an attestation from the developer. Antti has made an issue assigned to Elisa.

We then discussed the actual license that we need to attach. For copyright, it is Text is CC-BY-SA-4.0.

This is all in our WG charter; we can just copy it from there. The other source would be the Good Health Pass.

Judith: "Once EasyCLA is fully implemented you can most likely turn off DCO.  DCO was turned on because we didn't have EasyCLA in place yet."

ACTION: Drummond Reed will close issue #44 by checking with LF counsel Scott Nicholas as to what license should be stated in the LICENSE.MD file.

5 minsClosing PR #49 — PR Contribution Process

Andor Antti Kettunen 

Two of the four assigned editors have approved this PR. Can we merge it?

Description: Initial governance files of CODEOWNERS, CONTRIBUTING.md, and GOVERNANCE.md. Related to issues:

#40
#39
#38
#46

Antti believes this is ready to merge; Andor agrees. 

DECISION: PR #49 was labelled as last call.

10 minsIssue #31 — Four Layer Diagram

thomsona Drummond Reed Darrell O'Donnell Jo Spencer 

Review Allan's proposed new version of Figure 4.

See this evolution of the previous version.

Allan presented a new diagram (see screenshot #1 below) as a model diagram to convey the key concepts of what is in and out of scope for ToIP. He also showed Jo Spencer 's diagram that conveys many of the same concepts.

Darrell liked Allan's diagram for how it communicates the big picture.

Wenjing Chu likes Allan's diagram but said that Figure 4 is the scope of just a single Endpoint System.

Jacques Latour likes the diagram but feels it is still too high-level for his own purposes, which need to get into lower-level systems such as DNS. Allan agreed that the model diagram could be more detailed and specific, with a more detailed diagram.

Comments:

  • Darrell: yup - kind of a "why are we here" and "how do we fit into the world" - very crucial for those that haven't mixed and drank the koolaid.
  • Judith: Or use the HourGlass, and then have the other one in an appendix, for more information.
  • Tim Bouma : I am always on the lookout for a simple unifying theme for the ToIP model: So far (stealing Drummond's words), this model enables "Trust at a Distance" (TaaD)
  • Darrell: These diagrams can fit in to the TAS as well as be used in blogs and other marketing/communication material that we use for very pointed purposes.
  • Andor: I think the abstractions are super helpful, but also would be helpful I think to ground the abstraction in an actual example. I think that could be helpful for people to understand.
  • Darrell: I suggest Drummond takes the action of assembling these diagrams (views) into a story and we move on.
  • Neil: +1 to Allan's comment - these are diagrams for the architects, not policy makers.
  • Wenjing: the main point is the hourglass shape.
  • Andor: it would be helpful to take an example use case and run all the way through it.

ACTION: Drummond Reed to propose a storyline for a concluding section (or Appendix) that can incorporate all of the proposed diagrams in way that communicates the overall picture of the ToIP architecture from several views.

15 minsIssue #10: Definition of "authenticity" (is "integrity" needed?)

Neil Thomson 
Drummond Reed 

Neil will update us on his work on this issue — see this Google doc.

Neil explained that there are different definitions of these terms, and they are usually specific to particular contexts. He has also been talking to Henk van Cann about the same issues with related to KERI and ACDC.

Drummond had a long talk with Sam Smith and wrote up the following:

This paragraph in Neil’s writeup goes to the heart of it:

Dan Bachenheimer points out that many readers with security backgrounds will expect to see integrity listed alongside authenticity because they are considered separate security properties. For example, a message could have been sent by an authentic sender, but tampered with in transit so its integrity is lost.

Sam’s first point was very simple: if the message was “tampered with it transit”, then it is no longer from the authentic sender. At that point it is from the attacker (who of course will endeaver to make it the message still look like it is from the authentic sender).

Sam put it to me this way:

There is no concept of data transmission over the Internet where you can establish the authenticity of the data — secure attribution to a source — without having confirmed the integrity of the data.

So the resolution seems simple: the definition of “authenticity” when it comes to the ToIP stack and the Layer 2 Trust Spanning Protocol can essentially be:

A communication is authentic at ToIP Layer 2 when the receiver can cryptographically verify that it has been digitally signed by the private key bound to the sender’s identifier. Because this form of authenticity is conveyed via a digital signature over a body of content, by definition that digital signature is only valid if the body of content has not been tampered with in transmission. Therefore this form of authenticity inherently includes integrity.

If we agree on this point, then all we need to discuss is the PR that is needed to actually close the issue.

  • Darrell asked whether this point isn't actually self-evident.
  • Wenjing explained that he and Sam Smith had an hour-long discussion about why "integrity" is inherent in the way we are looking at "authenticity". That discussion agreed that one part is about the "integrity" of the party sending the message, i.e., identity binding. The other perspective is message authenticity and integrity, which are inextricably bound.
  • Wenjing suggested that we can address this in a footnote or a separate paragraph.
  • Neil T. - That Sam/Wenjing hour discussion is recorded and transcribed - available on Hackmd.io - will move that over to the terms wiki.
  • Drummond noted that the spec can also reference this topic in the glossary.

ACTION: Drummond Reed will work with Wenjing Chu and Neil Thomson to propose any revisions to the spec text and/or footnotes to explain how, from a ToIP context, "message integrity" is inherent in "authenticity".

10 minsTrust Registry

Darrell O'Donnell 

Key efforts beginning on the Trust Registry Protocol Specification v2.0. See screenshot #2 below for his opening slide. Darrell also share this link to the webinar that he and Christine Martin gave last month: https://www.continuumloop.com/trust-registries-beyond-the-basics/.

  • Key items for consideration:
    • Trust Registry metadata (avoiding standard "devops" things.
    • Credential Types (we reference the idea in v1.0 but don't discuss it further).
    • Presentation (Proof) Request Types.
    • Verifier and Issuer "types".
    • DID Method support (i.e. which ones are / are not supported).
    • Interop Profiles that are required/optional.
    • What Wallets are supported.
    • Role of DNS/DNSSEC as anchor point.
    • Machine Readable Governance.
  • ACTION: Darrell O'Donnell to create a document (Google doc or Google Slides) in the ToIP Google Drive to begin collaboration on the Trust Registry Task Force 2.0.
5 mins
  • Review decisions/action items
  • Planning for next meeting 
Chairs

ACTION: Drummond Reed to ask Elisa Trevino to cancel the TATF meetings on Thursday Nov 17 due to Internet Identity Workshop.

Screenshots/Diagrams (numbered for reference in notes above)

#1

#2

Decisions

  • DECISION: PR #49 was labelled as last call.

Action Items

  • ACTION: ALL TATF members need to read the EasyCLA process document and decide on the CLA manager assignment for your organization in order to continue to make contributions to the TAS. You can also set it up to provide wildcard support for all representatives of your org (based on your email domain). See Elisa Trevino for access/help.
  • ACTION: Drummond Reed will close issue #44 by checking with LF counsel Scott Nicholas as to what license should be stated in the LICENSE.MD file.
  • ACTION: Drummond Reed to begin a draft of a blog post announcing release of the Public Review Draft of the TAS.
  • ACTION: Drummond Reed to propose a storyline for a concluding section (or Appendix) that can incorporate all of the proposed diagrams in way that communicates the overall picture of the ToIP architecture from several views.
  • ACTION: Drummond Reed will work with Wenjing Chu and Neil Thomson to propose any revisions to the spec text and/or footnotes to explain how, from a ToIP context, "message integrity" is inherent in "authenticity".
  • ACTION: Darrell O'Donnell to create a document (Google doc or Google Slides) in the ToIP Google Drive to begin collaboration on the Trust Registry Task Force 2.0.
  • ACTION: Drummond Reed to ask Elisa Trevino to cancel the TATF meetings on Thursday Nov 17 due to Internet Identity Workshop.